Start the configuration of the analysis by opening the EvLog 3.0 GUI.
Click on the Analyze now! button to run the analysis of the events for the last 24 hours, using the default settings: Application, System and Security logs and all event types. The report should open in the default web browser, with the events aggregated.
Once the analysis is completed, adjust the analysis details as necessary: configure the filters, set the email parameters (if the report needs to be emailed), and format the HTML report.
During the installation, the EvLog 3.0 Service is started and set to Automatic. However, the scheduled analysis is not enabled by default. To run the analysis on a daily basis, check the Schedule enabled checkbox and configure the Time to run the analysis.
EvLog can have several configuration files, some used for specific, ad hoc analysis and others for the regular, scheduled analysis. Either Browse to the configuration to be used for the scheduled analysis, or use the Current button to set it to the configuration currently open in the GUI. Make sure to Save once the changes are made. Pressing Save will also restart the service so it can read the new settings.
If a syslog server is configured somewhere on the network or on the local computer, EvLog can be configured to send the analyzed events to it. Switch to the Syslog tab, enter the corresponding syslog server details (host and port), and make sure that the option to send to the syslog server is checked.
EvLog 3.0 can also be used to monitor the event logs at intervals shorter than once per day. To do this, the command line version of the analyzer has to be used in combination with the Microsoft Task Scheduler. See Using the CLI for more details.